Please define ISMS.

Thanks

Maturity assessment of organization.

Organization Chart

Stake holders need and...

I think Studding Chapter 1 of Cobit5 Framework is Useful for you. 

ISMS seems to stand for Information Security Management System.

We have done some research on security and privacy assessment methodology based on the ISO27000 set of standards as well as the Spanish open standard MAGERIT as part of the PRECYSE FP7 EU project (http://www.precyse.eu). Our approach amongst others integrates the open source ISMS tool Verinice (www.verinice.org).

Thanks all for the answers. Actually, we have the manager involved. But the most matter for us is to do feasibility study on the organization before starting to define the scope, etc. How could we measure the feasibility before launching the project?

We have developed an OCIL conformance testsuite according to the Spanish MAGERIT standard which may be useful for doing the initial survey to identify security requirements etc. We expect to release it as an open source testsuite soon.

Thanks so much Elisa and Nils.

Hope to be able to use your testsuite as soon as possible.

We have now released a set of resources from the PRECYSE EU project that are useful for implementing an Information Security Management System:

I have released a course on using the Verinice ISMS:

https://sourceforge.net/p/arftoverinice/code/HEAD/tree/trunk/course/

The YouTube playlist "PRECYSE Verinice Course" with screencast videos is here:

https://www.youtube.com/playlist?list=PLMGXA-EPMnzIqQZ6VBs_0svhxkgarBEMR

The arftoverinice import filter for importing OpenVAS scans into Verinice is here:

https://sourceforge.net/projects/arftoverinice/

The Magerit control catalogue and OCIL test suite is here:

https://sourceforge.net/projects/mageritcc/